IntSights' Blog

Last week, Brian Krebs, who runs the popular security blog KrebsOnSecurity, published some interesting research about how employees are posting corporate login credentials within tools that are exposed to web searches. In particular, he looked at Trello.com, a popular collaboration and project management tool, and found numerous instances of exposed login credentials on publically available Trello boards.

On a similar note, the IntSights Threat Research team published new research last week about organizations unknowingly exposing DevOps servers to the web. When servers and 3rd party tools are accessible online via simple search techniques, it becomes incredibly easy for hackers to discover sensitive information that was intended to only be accessed internally.

This is an alarming trend across all industries and organizations. Cyber security and IT teams need to start taking control of their organization’s various tools and systems to ensure they are being used and secured properly.

How Do Credentials Get Exposed in the First Place?

The use of cloud-based tools has increased dramatically over the past five to ten years, and for good reason. They’re simple to setup, easy to use and are always up-to-date with the latest version. However, this has led to different departments within a company using various online tools that aren’t purchased through a normal procurement process. This practice has become known as Shadow IT.

The teams that purchase and use these tools often don’t have the technical knowledge or skills to effectively secure them. They assume that the technology is only accessible to them without understanding the sharing and public-facing settings. Without the security and/or IT team being involved in the setup and management of the online tool, it becomes incredibly difficult for an organization to ensure these separate tools are secured properly.

It’s also difficult to enforce company-wide procurement policies because many teams like having the flexibility to adopt various tools that make them more efficient. So how do you provide the right level of flexibility and agility, without increasing your risk of exposure?

How Do You Protect Yourself?

To make sure your systems are secure, you need to take an external view of your organization. Look at your company the way a hacker might and try to figure out where your weak spots are.

Leveraging an external monitoring or threat intelligence tool can help you do this. These tools will map your full digital footprint and identify situations where credentials or exposed data is accessible on the open web, meaning a cyber criminal could find a way to access that page, server or resource.

As your organization grows and likely uses more and more web-based tools, it’s important that you are able to keep tabs on these different technologies and identify mistakenly exposed information before an outside party accesses it.

Interested in learning more about how companies are unknowingly exposing DevOps servers? Check out our research report below.

George S. Patton said “If everyone is thinking alike, then somebody isn’t thinking”. Alon thinks, but not like most of us. And it’s this quality that has given him vast experience and knowledge in the world of cyberthreat intelligence, and why he has succeeded in working in the most advanced environments in the world (most of which cannot be discussed here!). After serving in an elite intelligence unit in the Israel Defense Forces, Alon joined Guy Nizan to establish Cyber School, a center providing teenagers with courses, seminars and summer camp workshops on cyber intelligence.

Revolutionizing cybersecurity with the first of its kind enterprise threat intelligence and mitigation platform that drives proactive defense by turning tailored threat intelligence into automated security action.